This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

microsoft / Microsoft-365-Defender-Hunting-Queries Public archive

Notifications You must be signed in to change notification settings
Fork 511
Star 1.9k

Code
Issues 12
Pull requests 34
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Pull requests: microsoft/Microsoft-365-Defender-Hunting-Queries

Labels 8 Milestones 0

34 Open 366 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Reviews

Filter by reviews

No reviews Review required Approved review Changes requested

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Pull requests list

Add modification-of-exefile-shell-open-key.md

#431 opened Nov 19, 2021 by Karneades

Loading…

Update qakbot-campaign-process-injection.md

#429 opened Nov 9, 2021 by ionsor

Loading…

Update insider-threat-detection-queries.md

#428 opened Nov 3, 2021 by sei-nitc

Loading…

Update Airlift 2021 - Lets Invoke.csl

#423 opened Oct 6, 2021 by KustoKing

Loading…

Attack Surface Reduction Rules Device Events

#422 opened Oct 1, 2021 by deanpickering

Loading…

Updated to use the new UsbDriveMounted event

#419 opened Sep 17, 2021 by mjmelone

Loading…

Update Qakbot discovery activies.md

#417 opened Sep 13, 2021 by cbresponse

Loading…

Create EarthBaku-APT-41-files-domains.txt

#414 opened Aug 26, 2021 by Phoenix9032

Loading…

Initial commit for rclone hunting queries

#413 opened Aug 20, 2021 by LoZio

Loading…

ProxyShell.md

#396 opened Aug 9, 2021 by Shivammalaviya

Loading…

Create Processes Created from Files with Non-ASCII Characters.md

#395 opened Aug 4, 2021 by mjmelone

Loading…

Create Ousaban Banking Trojan.md

#393 opened Jul 28, 2021 by Shivammalaviya

Loading…

Create Pulse Secure.md

#388 opened Jul 22, 2021 by Shivammalaviya

Loading…

Create SolarWinds -CVE-2021-35211

#381 opened Jul 14, 2021 by Shivammalaviya

Loading…

Update Suspicious Spoolsv Child Process.md

#373 opened Jul 2, 2021 by endisphotic

Loading…

Create Detect-PrintNightmare

#369 opened Jul 1, 2021 by Petitohead

Loading…

File Creation Statistical Analysis

#352 opened May 25, 2021 by A-dd-Y

Loading…

Updating to use the new UsbDriveMounted events

#350 opened May 18, 2021 by mjmelone

Loading…

Updated table names in Advanced Hunting section

#334 opened Apr 15, 2021 by woodtechie1428

Loading…

Update Open email link.txt

#326 opened Apr 1, 2021 by darioongit

Loading…

Create Changes to Antimalware Exclusions.md

#255 opened Dec 11, 2020 by mjmelone

Loading…

Update qakbot-campaign-esentutl.md

#253 opened Dec 9, 2020 by anna-g-arbeiter

Loading…

added pages related to dudear activity

#209 opened Aug 21, 2020 by martyav

Loading…

added 2019-rdp-vulnerabilities

#208 opened Aug 20, 2020 by martyav

Loading…

added font-parsing-vulnerabilities.md

#206 opened Aug 20, 2020 by martyav

Loading…

Previous 1 2 Next

Previous Next

ProTip! Type g p on any issue or pull request to go back to the pull request listing page.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly